Description
ELSA-2010-0029: krb5 security update (CRITICAL)
[1.6.1-36.el5_4.1]
- add candidate patch to correct KDC integer overflows which could be triggered by malformed RC4 and AES ciphertexts (CVE-2009-4212, #546347)
Updated packages
Oracle Linux 5

Oracle Linux ia64
  krb5-devel        1.6.1-36.el5_4.1
  krb5-libs         1.6.1-36.el5_4.1
  krb5-server       1.6.1-36.el5_4.1
  krb5-workstation  1.6.1-36.el5_4.1

Oracle Linux x86_64
  krb5-devel        1.6.1-36.el5_4.1
  krb5-libs         1.6.1-36.el5_4.1
  krb5-server       1.6.1-36.el5_4.1
  krb5-workstation  1.6.1-36.el5_4.1

Oracle Linux i386
  krb5-devel        1.6.1-36.el5_4.1
  krb5-libs         1.6.1-36.el5_4.1
  krb5-server       1.6.1-36.el5_4.1
  krb5-workstation  1.6.1-36.el5_4.1
Related CVEs
Related vulnerabilities
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.